published shrinkwrap.json

meteor / node-stubs

Stub implementations of Node built-in modules, a la Browserify

MIT License

17 stars 8 forks source link

published shrinkwrap.json #7

Closed pociej closed 6 years ago

pociej commented 7 years ago

Is there any good reason to have shrinkwrap.json published ?
https://docs.npmjs.com/files/shrinkwrap.json says

It's strongly discouraged for library authors to publish this file, since that would prevent end users from having control over transitive dependency updates.

benjamn commented 6 years ago

We're using a package-lock.json file now, which is never published to npm: https://github.com/meteor/node-stubs/commit/f64e023202f1b19b78af2c7b6bdbbe12e868627f

We're still using bundledDependencies, though, so meteor-node-stubs/node_modules will still contain the direct dependencies.